Has The Cyber ‘Pearl Harbor’ Already Happened?

Over the past few years an abundance of rhetorical bravado has been creatively exhausted by the US legislative community and law enforcement to expedite legislation that will protect us from a future cyber event so catastrophic, so devastating, that it could only be described as “The Cyber Pearl Harbor”.

The fact is that the Cyber Pearl Harbor that many seem to be waiting for has already occurred in the embodiment of the Office of Personnel Management breach. The devastation to our counterintelligence, general population and federal landscape as a whole is so profound that the damage of this breach has yet to be fully calculated.

Compounded by the Anthem breach, over 100 million Americans have their most intimate personal details in the hands of a foreign APT, most likely controlled by China, for multi-generational exploitation, blackmail and surveillance. Strangely, an incident that should have had Americans protesting in the streets was quickly swept under the rug and vanished from conversation.

From Al Qaeda to Al Shabaab, from Boko Haram to ISIS, this Cyber Caliphate flourishes in the techno-nutrient-rich, binary soil of the Internet and is continually reinforced via graphic imagery and unique storytelling in publications such as Dabiq and Kybernetiq. The rapid success of the Cyber-Jihad movement has been expedited via magnification of xenophobia, powerful and organized propaganda, and the targeting and recruitment of social outcasts from the American Midwest to the streets of Paris and London, and religious zealots who make easy recruits for carrying out cyber-attacks as part of the collective and lone wolf initiatives.

Al Qaeda: 

Al Qaeda founder Osama bin Laden relied on charisma, fatwas, and rhetoric to rally militants to his cause. After bin Laden’s death in 2011, Ayman al Zawahiri assumed control of the organization. 

According to cloud security firm BatBlue, Al Qaeda has used technology and the Internet to distribute officially sanctioned propaganda since the 1980s. In the 1990s, the group began to use the Internet for secure communications between members. Most Al Qaeda communications are encrypted or obfuscated in some way.

Al Shabaab: 

Al Shabaab is a Somalia-based militant organization with strong ties to Al Qaeda. Al Shabaab was the militant wing of the Somali Council of Islamic Courts that seized southern Somalia in late 2006 until 2007. Since then, it has continued to fight in southern and central Somalia, relying on guerilla warfare and terrorist tactics. Al Shabaab is not centralized or monolithic in its agenda or goals. It consists of disparate clans; consequently, it is susceptible to internal strife, clan politics, and brittle alliances. It does not appear interested in a global jihad.

Boko Haram: 

Boko Haram is a terrorist organization that strives to establish a militant Islamic state in Nigeria. Founded by Mohammed Yusuf in 2002, the group initially focused on opposing Western education. Initially, it recruited local children through a school that claimed to promote an Islamic education. The children were trained as soldiers and it began launching military operations in 2009 in an attempt to create an Islamic state. 

The group was aligned to Al Qaeda until January 2015, when it switched allegiance to ISIS. Afterward, the group’s presence on social media and its distributed propaganda materials have become more robust. It is possible that it receives assistance from ISIS in the creation and distribution of its materials. Prior to its association with ISIS, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group’s social media presence remains inconstant and poorly aligned with its other propaganda.

After allying with ISIS, its published videos and photographs began to mirror those of ISIS. Boko Haram has not yet begun to heavily recruit online. Its propaganda is used more to spread fear than to recruit. It is possible that the group raised funds in the past through an advance-fee fraud or 419 scam. Essentially, the scam involves promising a victim a share in greater financial holdings if they provide a forward investment to “free the funds”. Security researchers believe that the group still does the 419 scam because it is still profitable for them and because it allows them to target individuals, instead of large organizations or governments.

The group has not shown signs of adopting more sophisticated methods of raising funds, such as ransomware. At the time of this writing, Boko Haram does not have a widespread cyber strategy; however, its alliance with ISIS may lead to the rapid development of newfound capabilities.

ISIS

The Islamic State of Iraq and Syria (ISIS), also known as the Islamic State of the Levant (ISIL), the Islamic State (IS) or the Daesh, was originally formed as an Iraqi branch of Al Qaeda in 2004. 

It has since developed into an independent organization that is more radical in its views and more technologically sophisticated in its use of social media and the internet. In summer 2014, ISIS leader Abu Bakr al-Baghdadi declared a global jihad. He called on all Muslims to join his cause by either travelling to Iraq or Syria or by supporting the jihad locally. The call specifically focused on recruiting technically skilled and sophisticated individuals, such as engineers, hackers, and doctors, to join the cause. 

ISIS leader Abu Bakr al-Baghdadi avoids public exposure and relies on ruthless violence to assert his power. Al-Baghdadi is the supreme religious and political leader within ISIS. In 2014, he personally issued the call for all “true Muslims” to join in a global caliphate. The caliph has unchecked authority, but he relies on regional deputies to oversee his regions and manage the imposed administration in each region. The Shura Council can theoretically depose the caliph; however, such an action is unlikely since all members were appointed by al-Baghdadi.

ISIS has a strong online presence that heavily recruits and promotes “lone-wolf” actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards. Members target lonely and misguided individuals, regardless of their initial beliefs, by offering a sense of community and by glamorizing the fight, actions, and lifestyle of the movement. 

ISIS poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials. Some members are technically sophisticated enough to promote the message and culture by defacing websites, social media accounts, and other media channels with text, images, and videos, glorifying the agenda of the group. 

The technical tools, techniques, and procedures of the group are rapidly escalating as its membership and resources increase. Increases in ISIS online activity tend to coincide with major current events. The group capitalizes on the chaos that it creates, such as launching a major Twitter campaign after the Paris attacks, as well as by turning global events, such as the Syrian refugee crisis, to its advantage.

ISIS encourages young supporters to tweet, blog, and otherwise share their reactions, opinions, and views. The group calls new recruits to conduct domestic lone-wolf attacks using novel mechanisms, such as the hashtag “#FightforHim” following the Paris attacks. 

The success of the ISIS propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers’ popularity declined in favor of online media, static propaganda publications are declining in favor of robust, dynamic multi-platform campaigns. Their social media campaigns are widespread, resilient, and adaptive. ISIS content is constantly removed from conventional social media; however, they have or had a presence on Facebook, Twitter, Tumblr, Instagram, Friendica, Diaspora, and other outlets.

Their videos are edited, clear, and include special effects. Video content has been released on YouTube, IS-tube, Dailymotion, personal blogs, and on other media hosting networks. They have released podcasts and interviews on Ask.FM, Mixir, Paltalk, and other channels. ISIS has also used more conventional media outlets, such as Al-Battar Media, Dawla Media, and Al-Platform Media, to spread its message. 

Defaced websites are often reconfigured to feature the flag of ISIS and phrases like “Hacked by the Islamic State”. The defacements are meant to scare Western businesses and organizations more than recruit new followers. Website defacement often occurs through widely publicized vulnerabilities, such as an outdated WordPress plugin. Those affected range from businesses, to schools, to individual users. 

By inconveniencing small targets, ISIS creates a sense of fear and xenophobia in the target population that it can leverage to recruit Muslims and social outcasts who are disenfranchised by cultural stigmas. Screenshots, recordings and lists of defaced and targeted websites have been found on forums, such as Aliyyosh, an Arab hacker forum. 

Stolen personally identifiable information belonging to Israelis and Western and American Jews has also been discovered on the forums. In March 2015, a list of names, units, addresses, and photographs of over one hundred U.S. military personnel, supposedly involved in the bombing of ISIS targets, was posted online.

Motive: 

Extremist groups such as ISIS aspire to create chaos, inflict harm, and disrupt services in the nations and organizations that they oppose. In many cases, small attacks that incite panic and fear in many members of the population are just as effective as large attacks that embarrass or undermine opposing geopolitical powers. 

Jihadist groups are increasingly motivated to adopt cyber-defensive capabilities, such as encryption applications and anonymity tools, so that their members can remain undiscovered within the general population and so that their activities remain unknown to opposing intelligence and counterintelligence entities. By developing cyber-offensive capabilities, extremist groups can raise funds, inflict harm from across the globe, gather information about targets, 

The ISIS Cyber “Help Desk”: 

In November 2015, the media reported that ISIS has spent over a year developing a “24-hour cyber help desk”, across a series of forums, applications, and social media platforms, to assist its followers in remaining anonymous and instructing them on basic hacker tools, techniques, and procedures.

The campaign is intended to spread the Jihadist message to new recruits, spread greater fear, and increase the number of attacks against foreign nations. The primary function of the help desk was to instruct prospective jihadists in the use of encryption and other secure communication applications to evade law enforcement and intelligence authorities.

The group promotes the use of deep web forums and secure platforms to obfuscate their activities so that they can covertly plan recruitment, propaganda, and terror campaigns without worrying that signal intelligence or other indicators will expose their operations.

Conclusion

ISIS has already been purchasing attacks on Western organizations and critical infrastructure for years. Groups like ISIS might hate Western culture and practices, but they have no qualms about appropriating and weaponizing material and assets developed in those regions. 

They use guns manufactured in the United States and Russia and vehicles from Japan, so why would they refuse to use malware or hackers from foreign nations? To the zealots, the cyber assets are just more weapons to use in their battle. In all likelihood, the cyber-mercenaries hired would not know if they were conducting attacks on behalf of the terrorist organization. As a result of the anonymity that the hackers themselves rely on, they would unknowingly infect systems, steal data, or otherwise cause chaos for a terror organization.

Given a fiscal asset portfolio at a very conservative estimate of over $1 billion, ISIS can hire many hackers to conduct many attacks. If those attacks result in stolen data, intellectual property, or other intangible assets, then the organization can sell the data to perpetuate the cycle. 

While many cyberterrorist organizations are lacking in their capacity to pose a significant cyber threat to global organizations, ISIS already possesses the motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns. 

ICITech:

 
